--- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilterInitializer.java 2015-07-31 13:00:03.710400168 -0400 +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilterInitializer.java 2015-07-31 12:50:07.676400614 -0400 @@ -28,8 +28,11 @@ import org.apache.hadoop.http.FilterContainer; import org.apache.hadoop.http.FilterInitializer; import org.apache.hadoop.http.HttpServer2; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.apache.hadoop.io.IOUtils; import org.apache.hadoop.security.SecurityUtil; +import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.authentication.server.AuthenticationFilter; import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler; import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler; @@ -60,10 +63,12 @@ * The configuration prefix of timeline HTTP authentication */ public static final String PREFIX = "yarn.timeline-service.http-authentication."; + private static final Log LOG = LogFactory.getLog(TimelineAuthenticationFilter.class); private static final String SIGNATURE_SECRET_FILE = TimelineAuthenticationFilter.SIGNATURE_SECRET + ".file"; + @VisibleForTesting Map filterConfig; @@ -132,12 +137,27 @@ } String authType = filterConfig.get(AuthenticationFilter.AUTH_TYPE); + + + LOG.info("AuthType Configured: "+authType); if (authType.equals(PseudoAuthenticationHandler.TYPE)) { + filterConfig.put(AuthenticationFilter.AUTH_TYPE, PseudoDelegationTokenAuthenticationHandler.class.getName()); - } else if (authType.equals(KerberosAuthenticationHandler.TYPE)) { - filterConfig.put(AuthenticationFilter.AUTH_TYPE, + LOG.info("AuthType: PseudoDelegationTokenAuthenticationHandler"); + + } else if (authType.equals(KerberosAuthenticationHandler.TYPE) || (UserGroupInformation.isSecurityEnabled() && conf.get("hadoop.security.authentication").equals(KerberosAuthenticationHandler.TYPE))) { + + if (!(authType.equals(KerberosAuthenticationHandler.TYPE))) { + filterConfig.put(AuthenticationFilter.AUTH_TYPE, + authType); + LOG.info("AuthType: "+authType); + } else { + filterConfig.put(AuthenticationFilter.AUTH_TYPE, KerberosDelegationTokenAuthenticationHandler.class.getName()); + LOG.info("AuthType: KerberosDelegationTokenAuthenticationHandler"); + } + // Resolve _HOST into bind address String bindAddress = conf.get(HttpServer2.BIND_ADDRESS); @@ -162,4 +182,5 @@ TimelineAuthenticationFilter.class.getName(), filterConfig); } + }